NSA’s Rogers asks for big budget bump to separate U.S. Cyber Command

The nation’s top cyberwarrior bluntly told a House panel Tuesday that it would take a 16 percent increase in U.S. Cyber Command’s budget to separate it from the NSA and become a full-fledged combatant command, as lawmakers want. “To execute our mission I have asked for a budget of $647 million, which is a nearly 16 percent increase from 2017,” Adm. Michael Rogers told a hearing of the Armed Services Subcommittee on Emerging Threats and Capabilities convened by Chairwoman Elise Stefanik, R-N.Y., to examine the fiscal 2018 request for Cyber Command. Rogers, who leads Cyber Command and is also NSA director, said the money would be spent “building out” the command’s cyber fighting units, called Cyber Mission Forces, and other cyber-specific capabilities. The 6,200-strong CMF is on track to be fully operational by Oct. 1 next year, he said. The National Defense Authorization Act for fiscal 2017 mandated the elevation of Cyber Command — which […]

The post NSA’s Rogers asks for big budget bump to separate U.S. Cyber Command appeared first on Cyberscoop.

Budget would boost DHS cyber efforts in NCCIC, CDM

President Trump’s budget proposal, unveiled Tuesday, would boost spending on the Department of Homeland Security’s 24-hour digital-attack watch center by almost $50 million and more than double the funding for a governmentwide online security tools program to $279 million. The proposal would also treble the size of the tiny team of DHS cybersecurity advisers who work with key businesses across the country. Despite these increases, not every tech element of the department got its funding goosed. Research and development in the DHS Science and Technology Directorate was slashed by $100 million and the allocation for the CIO office was also down $60 million. In documents released by the department and the White House Office of Management and Budget, the administration says it is asking for $3.28 billion for DHS’s National Protection and Programs Directorate, which includes most of the department’s cyber functions. It would be an increase of $196 million over fiscal 2017. The […]

FTC pushed from Hill on hacking of smart toys, kids’ privacy

Federal cybersecurity and privacy protections for children are not keeping up with the burgeoning data collection engaged in by “smart” toys and online games, Sen. Mark Warner said Monday, asking the Federal Trade Commission if the law needs to be changed. In a letter to acting FTC Chairwoman Maureen Ohlhausen, the senator says he’s concerned the agency is soft-pedaling the dangers the Internet of Things might pose for children, citing a speech she gave earlier this year. “Reports of your statements casting these risks as merely speculative — and dismissing consumer harms that don’t pose ‘monetary injury or unwarranted health and safety risks’ — only deepen my concerns,” the Virginia Democrat wrote. He cites the recent example of CloudPets, a product from Spiral Toys that’s marketed as “a message you can hug.” The company turned out to be storing users’ personal data in an insecure, public-facing online database — reportedly exposing over 800,000 customer logins and passwords and more than 2 million voice recordings […]

Ukrainian hacker who stole data for insider trading ring sentenced

A Ukrainian member of a hacker gang that stole advance copies of electronic press releases from newswire companies got two-and-a-half years in prison Monday for his role in the insider trading scam, which prosecutors say netted the hackers and their securities-trader partners about $30 million. Authorities say it’s the largest cyber-enabled securities fraud ever prosecuted. In a release from acting U.S. Attorney for the District of New Jersey William Fitzpatrick, prosecutors state that the man — 29-year-old Vadym Iermolovych of Kiev — had pleaded guilty last year to conspiracy to commit wire fraud, conspiracy to commit computer hacking and aggravated identity theft. U.S. District Judge Madeline Cox Arleo imposed the sentence, which added three years’ supervised probation and over $3 million in restitution. A spokesman for Fitzpatrick’s office told CyberScoop the sentence was imposed in line with federal guidance but that Iermolovych, as a foreign national, would in all likelihood be deported upon release from prison. […]

Super-stealthy attackers used NSA exploit weeks before WannaCry

Weeks before the WannaCry ransomware spread like wildfire through unpatched Windows systems, a more sophisticated, stealthier attacker used the same NSA-engineered cyberweapon to infiltrate the IT networks of companies across the world, including at least one publicly traded in the U.S., according to new research. So stealthy was the fileless, in-memory attack, which hides itself inside the activity of a legitimate application, that it evaded five different security products running on the infected system, Gil Barak, CTO of Israeli cybersecurity firm Secdo told CyberScoop. Those products included so-called “next generation” filters that don’t rely on known signatures, he said. “Not only did they not stop the attack, they couldn’t even see it,” he said. Attackers using the technique “can pretty much do what they want, unnoticed — and then vanish.” Barak wrote a blog post on the attack and appeared with noted security researcher Jake Williams on a webcast this week where the two discussed the […]

Should the government stockpile zero day software vulnerabilities?

Storm clouds are rising over the U.S. government’s policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process. Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer — which can issue a patch to protect customers — against having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said. “We disclose something like 90 percent of the vulnerabilities we find,” said Richard Ledgett, who retired April 28 as the NSA’s deputy director. “There’s a narrative out there that we’re sitting on hundreds of zero days and that’s just not the case,” he told Georgetown University Law Center’s annual cybersecurity law institute. […]

Cyber scorecard leverages rivalry at DOJ agencies

The Department of Justice uses a cybersecurity scorecard issued at every one of its monthly CIO council meetings to stoke a friendly rivalry between component agencies, a senior official said Tuesday. “We all look very closely at the scores, because it’s reported to the council with everyone right there,” Karl Mathias, the CIO and assistant director of the U.S. Marshals Service, told a breakout session at VMware’s Public Sector Innovation Summit, presented by FedScoop. “I have standing instructions to my CISO,” he added, “I want to see [the Bureau of Alcohol, Tobacco and Firearms] in my rearview mirror on that card. We beat them every time.” Mathias credited Justice Department CIO Joe Klimavicz with the idea. Asked about the basis for the scores, Mathias declined to go into detail, but said basic hygiene measures and patching were included. He told CyberScoop the competition between the dozen-plus components was “good natured and […]

OMB stakes out central role in cyber, IT modernization

The White House Office of Management and Budget will be at the center of the Trump administration’s move to modernize and secure federal computer networks, the government’s senior-most IT official said Wednesday. The agency sits at the hinge where several important IT initiatives meet the federal budgeting process, explained acting federal CIO Margie Graves. Not only does it help implement the Federal Information Security Modernization Act, or FISMA, but it also has new tasks under the cybersecurity executive order signed recently. Under the EO, every federal agency or department has to conduct a risk assessment using the Cybersecurity Framework developed by the National Institute of Standards and Technology, and then submit it to the OMB director and the Homeland Security secretary. That process, she told the Public Sector Innovation Summit presented by VMware, was the essential underpinning for both security and modernization efforts because it identifies the areas where investment is needed. It also had the added benefit […]

With flexibility in mind, NIST unveils latest draft of cyber framework

The new version of the federal Cybersecurity Framework being drafted at the National Institute of Standards and Technology will be “backwards compatible,” a workshop at the agency’s Gaithersburg, Maryland, headquarters was told Tuesday. It means organizations already using version 1.0 will be able to seamlessly adopt the new draft, NIST’s Matthew Barrett told attendees. As a result, he said, there would be less flexibility to tinker with the higher level concepts in the framework, like the five key functions that make up its core: identify, protect, detect, respond and recover. But each function is divided and subdivided and there’s more flexibility to add or delete concepts at those levels, Barrett explained. Adding or removing is fine, but “moving items to a different place in the conceptual framework” will break most implementations, he said, because companies or other organizations using it will have aligned their business processes with the structure in 1.0. Nonetheless, attendees […]

HHS working on cyber guidelines for health industry

The U.S. Department of Health and Human Services, taking a cue from Congress, has begun developing principles and best practices for cybersecurity in health care, officials said Tuesday. “We had an information day … and we are kicking off next week,” said Julie Anne Chua, from the office of the department’s chief information officer. She spoke at a cybersecurity workshop at the National Institute of Standards and Technology. Section 405d of the 2015 Cybersecurity Act — passed as part of the massive omnibus appropriations nearly 18 months ago — is titled “Aligning health care industry security approaches.” It mandates the HHS secretary “to lead a task group to put together a set of voluntary, consensus-based principles and best practices for cybersecurity in the health sector,” explained Chua. As the law requires, it will be consistent with the NIST Cybersecurity Framework and the privacy and security provisions of the Health Insurance Portability and […]